Douglas Otis, wrote: > The concern is rather simple. DKIM as it currently stands, only > offers per-user-keys as a possible solution to control replay abuse.
I'm having trouble seeing the threat with replay.. Can someone help differentiate these two scenarios: 1. Replay 2. Sending mail from that domain from within the organisation (Eg. An employee sending thousands of emails through Outlook) Is the replayer and rogue employee the only problem in both cases? If DKIM is supposed to make domain owners responsible for the email from that domain, should it not be the domain owner preventing replay/abuse, not DKIM? Cheers, Paul Get the latest news on SurfControl and our products, subscribe to our monthly e-newsletter, SurfAdvisory at: http://www.surfcontrol.com/resources/surfadvisory/surfadvisory_signup.aspx ********************************************************************* The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you believe that you have received this email in error, please contact the sender. ********************************************************************* _______________________________________________ ietf-dkim mailing list [email protected] http://mipassoc.org/mailman/listinfo/ietf-dkim
